2023-12-31 09:53:57 +00:00
|
|
|
---
|
|
|
|
|
title: We Removed FileCR as we Found Malware
|
|
|
|
|
description: Update on FileCR
|
|
|
|
|
date: 2023-08-14
|
2024-02-04 13:27:49 +00:00
|
|
|
next: false
|
|
|
|
|
aside: left
|
2023-12-31 09:53:57 +00:00
|
|
|
prev: false
|
2024-02-04 13:27:49 +00:00
|
|
|
sidebar: false
|
|
|
|
|
footer: true
|
2023-12-31 09:53:57 +00:00
|
|
|
---
|
2024-02-11 15:00:58 +00:00
|
|
|
|
2024-06-27 06:48:10 +00:00
|
|
|
<Post authors="['nbats']" />
|
2023-12-31 09:53:57 +00:00
|
|
|
|
|
|
|
|
# FileCR Malware
|
|
|
|
|
|
2024-06-27 06:48:10 +00:00
|
|
|
Note: The malware is not exclusive to FileCR and we don't have proof FileCR is
|
2024-02-11 15:00:58 +00:00
|
|
|
intentionally hosting it, but they haven't removed it. Possible sources of the
|
|
|
|
|
malware include some uploaders on sanet, but it seems to be coming from multiple
|
|
|
|
|
sources.
|
|
|
|
|
|
|
|
|
|
Since the malware has been found coming from multiple sources, info about the
|
|
|
|
|
malware itself has moved to [here](https://rentry.co/big_load_malware). Check
|
|
|
|
|
there for technical info or to check if you've been infected.
|
2023-12-31 09:53:57 +00:00
|
|
|
|
2024-02-11 15:00:58 +00:00
|
|
|
So far, malware has been found in the following cracks, but it is likely it is
|
|
|
|
|
undiscovered in many more downloads because of how large their catalog is.
|
2023-12-31 09:53:57 +00:00
|
|
|
|
2024-06-27 06:48:10 +00:00
|
|
|
- https://filecr.com/windows/kms-matrix/
|
|
|
|
|
- https://filecr.com/windows/windows-activator-by-goddy/
|
2024-02-11 15:00:58 +00:00
|
|
|
- https://filecr.com/windows/stardock-start11
|
|
|
|
|
- https://filecr.com/windows/malwarebytes-premium
|
|
|
|
|
- https://filecr.com/windows/navicat-premium (Navicat Premium 16.2.3)
|
|
|
|
|
- https://filecr.com/windows/outbyte-driver-updater
|
|
|
|
|
- https://filecr.com/windows/jetbrains-pycharm (Premium release, you need
|
2024-06-27 06:48:10 +00:00
|
|
|
https://greasyfork.org/en/scripts/403170-bypass-filecrypt to access)
|
2024-02-11 15:00:58 +00:00
|
|
|
- https://filecr.com/windows/avast-premier-antivirus
|
2023-12-31 09:53:57 +00:00
|
|
|
|
2024-06-27 06:48:10 +00:00
|
|
|
So far FileCR has not responded at all, which is unusual as they are usually
|
2024-02-11 15:00:58 +00:00
|
|
|
very active and have removed malware in the past as quickly as 6 hours. Because
|
2024-06-27 06:48:10 +00:00
|
|
|
the malware is included in multiple unrelated cracks and because they have not
|
|
|
|
|
responded at all to reports, they are likely to be in some way involved in
|
|
|
|
|
spreading or creating the malware. Also, some of the malware had descriptions
|
2024-02-11 15:00:58 +00:00
|
|
|
written just for FileCR, which is unusual, and the description for KMS matrix
|
|
|
|
|
contains lies about the activation given by the software.
|
2023-12-31 09:53:57 +00:00
|
|
|
|
|
|
|
|
## [Samples](https://rentry.co/big_load_malware#samples)
|
|
|
|
|
|
|
|
|
|
## [Am I infected?](https://rentry.co/big_load_malware#am-i-infected)
|
